Add Minimal Credential Disclosure ex. in Privacy #95
Conversation
|
Add a use case for a friend of a friend of a friend access control or follower use case. |
proposals/wac-ucr/index.bs
Outdated
| blogs have restrictions on who can post to avoid spam. Alice has direct | ||
| access to many of them, but they don't all know her under the same | ||
| identitfier. Some provide access via social network relationships, such | ||
| as being the friend of a friend of the Blog's author. Alice would like to |
There was a problem hiding this comment.
If you want to focus on FoF based scenarios, I would suggest to focus this Use case on that and clarify details around how storage server can or can not access information around friendships.
There was a problem hiding this comment.
I wrote up a use case for giving comment access to extended social network that should help with reworking this issue. a4eb4ac
There was a problem hiding this comment.
Agree - this one feels more specific to a FoF than related to minimal credential disclosure. I think this should focus on the FoF case since the minimal disclosure is covered well in uc-minimalcredentials
proposals/wac-ucr/index.bs
Outdated
| ### Minimal Credential Disclosure ### {#uc-minimalcredentials1} | ||
|
|
||
| To continue with the [[#uc-whopermitted]] example, Oscar now wants to | ||
| view Alice's `resume` which is not publically accessible. To gain access, | ||
| he needs to authenticate with the right credentials. Oscar does not want | ||
| to try out each one of his credentials one by one until he gains access, | ||
| as that would both be slow and allow Alice to connect his different personas. |
There was a problem hiding this comment.
uc-minimalcredentials can be taken up independently of uc-whopermitted because uc-minimalcredentials' requirements can potentially disclose any specific set of agents, their class, or group. The example from uc-whopermitted should at most reveal what class of agents or groups can access - it strictly does not want to reveal individuals.
We can acknowledge uc-minimalcredentials, but needless to say, it doesn't entail that readable ACLs are required or even anything on the authorization layer. If this is truly about a shared understanding of what kind of credentials are acceptable, then it may be preferable to address this in a prior layer, and so not necessarily having to wire it up with WAC/ACLs. Consider the situation where a different Access Control mechanism is used. We'd still want to realise uc-minimalcredentials.
proposals/wac-ucr/index.bs
Outdated
| @@ -802,6 +802,29 @@ For example, if the data Carol and Oscar saw in the resume was | |||
| background, she wouldn't want them to know that they were only seeing | |||
| a filtered view. | |||
|
|
|||
| ### Minimal Credential Disclosure ### {#uc-minimalcredentials} | |||
|
|
|||
| To continue with the [[#uc-whopermitted]] example, Oscar now wants to | |||
There was a problem hiding this comment.
This references #uc-whopermitted, but it seems that it would make sense for this one to reference [[#capabilities-vc]], since those use cases are specifically related to authorization by verifiable credential.
proposals/wac-ucr/index.bs
Outdated
| blogs have restrictions on who can post to avoid spam. Alice has direct | ||
| access to many of them, but they don't all know her under the same | ||
| identitfier. Some provide access via social network relationships, such | ||
| as being the friend of a friend of the Blog's author. Alice would like to |
There was a problem hiding this comment.
Agree - this one feels more specific to a FoF than related to minimal credential disclosure. I think this should focus on the FoF case since the minimal disclosure is covered well in uc-minimalcredentials
|
I removed both use cases and written them as one new one that refers to the credentials section, emphasizing the multiple credentials use case and the need for minimal disclosure. So this use case is really completely rewritten. |
The ability to allow Minimal Credential Disclosure is an important aspect Authorization schemes.
A quick search gave me this paper:
https://link.springer.com/article/10.1007/s12394-009-0022-6